Hi all --
I'm using XStream to process large streams of objects via
ObjectInputStream. As one of my requirements, I have to validate the
SHA1 digest of the entire stream received against what was sent. To
accomplish this, I'd hoped to be able to just wrap the InputStream that
gets passed to XStream.getObjectInputStream() with a plain old
java.security.DigestInputStream, and read the digest off the stream at
the end.
Here's where it gets strange:
InputStream is;
InputStream is2; // Known to feed the same bytes as is.
XStream xstream;
DigestInputStream dis = new DigestInputStream(is, "SHA1");
ObjectInputStream ois = xstream.createObjectInputStream(dis);
while(ois.hasNext()) {
ois.next();
}
byte[] digest = dis.getDigest().digest();
DigestInputStream dis2 = new DigestInputStream(is2, "SHA1");
while(dis2.read() != -1) {
}
byte[] digest2 = dis2.getDigest().digest();
At this point, digest and digest2 do /not/ contain the same bytes.
digest2 jives with what I get from third-party SHA1 tools. I'd really
prefer not to have to buffer the whole stream to disk, digest it, and
then feed it to xstream: the latency this would introduce is prohibitive.
It's quite possible that I've misunderstood the intent of the API, but
if that's the case, I'd be happier hearing it from someone else.
Josh Turner
